GDPR: How It Affects Your Small Business (Yes… Even in the US)

This article was taken from this month’s 44th issue of Scope Magazine, your online marketing resource guide for small business.

What does a European Union law about privacy have to do with your small business?

That might seem like a ridiculous question to ask, but it’s not.

The General Data Protection Regulation, or GDPR for short, went into effect on May 25, 2018. And with privacy issues in the news on a near-daily basis, with the recent Congressional hearings about Facebook and Cambridge Analytica, you can’t afford to ignore the ramifications of GDPR for your business.

You could keep your head buried in the sand – but that’s not a good idea. Here’s what you need to know about GDPR.

What is GDPR?

GDPR is a law that was designed to standardize data privacy in the European Union’s member countries. It represents a big change – and a victory for EU citizens, who can now be confident that their data will be secure and that the regulations used to ensure its security are transparent.

On the flip side, EU-based businesses have had to scramble to be compliant with the new rules. The biggest requirement involves Personal Identification Information, or PII. PII is sometimes used as a general term in the United States to describe personal information that companies might collect and store on behalf of their customers.

While PII has traditionally included information like Social Security numbers and addresses, the GDPR expands the definition of PII to include other things. For example:

In other words, companies in the EU must now protect their customers’ IP addresses and other information collected online with the same care that they would financial information. It further requires that organizations:

Store and process personal data only with an individual’s explicit consent

Hold data for only as long as it is necessary to do so

Destroy stored data upon request

There’s no denying that the implementation of GDPR represents a big change for EU companies.

How Does GDPR Affect Companies?

Think for a moment about the different ways in which you use the data you collect from your customers. The chances are good that you do more with it than you realize.

Organizations in the EU are finding that they must institute company-wide changes to be compliant with GDPR regulations. Privacy can impact various departments within an organization, including:

IT

Sales

Marketing

Finance

Operations

Business owners and managers must work together to identify potential privacy problems and security issues and address them to protect the information they have stored. At the same time, they must accommodate incoming requests related to the “right to be forgotten” if customers ask them to delete the data they have on hand.

Why Should You Worry about GDPR Compliance?

Your business is based in the United States – and you might be asking the obvious question:

Why should I worry about GDPR compliance?

You may not need to worry too much about it if you have never had a customer who was an EU citizen. However, if you do business in the EU (or cater to tourists from the EU), then you might be impacted by the new regulations.

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

In other words, if you collect data on your website from EU citizens, process payments from them, or hold any personal information belonging to EU citizens, you must adhere to GDPR rules about collecting, using, and storing their PII.

You might not have any EU customers, but even if you don’t, it may be worth taking a look at the way you store personal data. There’s no question that there’s a worldwide movement toward increasing privacy protections. Cybercrime is on the rise and criminals are getting wilier every day. Considering the damage that a data breach can do to your bottom line, it makes sense to err on the side of caution.

What Are the Penalties for Violating the GDPR?

As you might expect, there are penalties attached to violating the GDPR. The law is meant to be a deterrent and the EU intends for organizations that fail to be compliant to pay a price.

The most likely penalty if you fail to protect EU citizens’ data is a fine. The maximum fine is 20 million Euros, which works out to nearly $25 million in US dollars. The specific rule is €20 million or 4% of the company’s global revenue, whichever is higher.

The harshest penalties are intended to punish companies with the most severe violations, such as violating core concepts or not getting a customer’s consent to process their data. Other fines are organized in tiers. For example, an organization can be fined 2% of their global revenue for things like:

Not having their records in the proper order

Not notifying the authorities of a security breach

Not conducting the required impact assessment

These are serious penalties. You’ll need to take a hard look at your security and data handling procedures to avoid them if you do business in the EU or with EU citizens.

What Should You Do Next?

If you do business in the EU or simply want to get your ducks in a row when it comes to protecting your customers’ data, it may be helpful to make a thorough review of your existing data collection and storage procedures to identify potential problems.

You can find detailed information about the GDPR on this website. Depending on your circumstances, you may want to consult an EU lawyer as well.

In the end, remember that GDPR compliance protects you as well as your customers. It can be impossible to protect the digital perimeter of your business from hackers, but the procedures required by the GDPR can give you an extra layer of protection in the event of a breach.
